Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a32313a3a2f34382d3438203d3e203137343531.roa
File:                     323430343a383030303a32313a3a2f34382d3438203d3e203137343531.roa (raw, json)
Hash identifier:          5p1OUxrIa4zQi/2KFsfn3uVsMCB92KVs6XUVWdHV0/o=
Subject key identifier:   AA:2F:8A:66:47:F0:DC:73:39:C5:38:2A:56:BA:F8:48:6E:F3:7D:DB
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       6CD6D39AE6BC33EB1997DF50826B003FE1BC42C3
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a32313a3a2f34382d3438203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:42 +0000
ROA not before:           Wed 29 Sep 2021 23:55:42 +0000
ROA not after:            Fri 30 Sep 2022 00:00:42 +0000
asID:                     17451
IP address blocks:        2404:8000:21::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:d6:d3:9a:e6:bc:33:eb:19:97:df:50:82:6b:00:3f:e1:bc:42:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:42 2021 GMT
            Not After : Sep 30 00:00:42 2022 GMT
        Subject: CN=3082010A0282010100CA7DB2E7762D0CFF1C273D726CFFF765E23626CAAD92216CD512448A33721F67C73EAFD78F8A0E0D27BB2015A8BED7EBDF3DFCFDF8CFB1B251F0A9A4C1A9CA79FFBE48F5ED6484FB23FB25A788FF110BED8F519B99555183157C8A34F8C3A92429C52D4F292E20713CA6FA7AA2828147585084FDD2935B965033B1F11A8C3E3C6CFADA9E7F8846503F20C84AA1A674091F7034860DEFC06B0C130728C5FC65CBC9B54E27828EAF1A9B3EE9602570C7BB1D73403AD2257B1EB52EBCE9E691B572AD18A748E6A933550FC3DE18EEF7599255FFE34C2B8E56D710B98487ACF1904166C4C32ED3EB6F69F009C82B14A9825F75A493A2CA9C2216938AD1676C41EBE50203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:7d:b2:e7:76:2d:0c:ff:1c:27:3d:72:6c:ff:
                    f7:65:e2:36:26:ca:ad:92:21:6c:d5:12:44:8a:33:
                    72:1f:67:c7:3e:af:d7:8f:8a:0e:0d:27:bb:20:15:
                    a8:be:d7:eb:df:3d:fc:fd:f8:cf:b1:b2:51:f0:a9:
                    a4:c1:a9:ca:79:ff:be:48:f5:ed:64:84:fb:23:fb:
                    25:a7:88:ff:11:0b:ed:8f:51:9b:99:55:51:83:15:
                    7c:8a:34:f8:c3:a9:24:29:c5:2d:4f:29:2e:20:71:
                    3c:a6:fa:7a:a2:82:81:47:58:50:84:fd:d2:93:5b:
                    96:50:33:b1:f1:1a:8c:3e:3c:6c:fa:da:9e:7f:88:
                    46:50:3f:20:c8:4a:a1:a6:74:09:1f:70:34:86:0d:
                    ef:c0:6b:0c:13:07:28:c5:fc:65:cb:c9:b5:4e:27:
                    82:8e:af:1a:9b:3e:e9:60:25:70:c7:bb:1d:73:40:
                    3a:d2:25:7b:1e:b5:2e:bc:e9:e6:91:b5:72:ad:18:
                    a7:48:e6:a9:33:55:0f:c3:de:18:ee:f7:59:92:55:
                    ff:e3:4c:2b:8e:56:d7:10:b9:84:87:ac:f1:90:41:
                    66:c4:c3:2e:d3:eb:6f:69:f0:09:c8:2b:14:a9:82:
                    5f:75:a4:93:a2:ca:9c:22:16:93:8a:d1:67:6c:41:
                    eb:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:2F:8A:66:47:F0:DC:73:39:C5:38:2A:56:BA:F8:48:6E:F3:7D:DB
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a32313a3a2f34382d3438203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:8000:21::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:41:9f:60:4b:91:1f:c4:f1:dc:41:c2:53:a6:f7:e7:15:ac:
         9e:50:10:f5:ab:39:0c:73:0e:72:72:0b:df:a6:8f:ab:bc:67:
         6c:d7:24:8a:5a:2c:c3:0e:d1:9d:16:9d:2a:9a:82:5d:af:83:
         c3:cd:b8:21:56:5f:4a:2b:bd:98:e0:2e:5f:c1:4d:44:ec:00:
         a1:7e:32:11:07:c4:60:c8:bc:fe:de:b7:85:e0:bd:9c:c6:6f:
         a5:3e:22:ae:5d:74:7d:c3:00:52:4c:f0:cf:83:bc:f9:51:e9:
         55:5d:eb:06:e0:b0:ea:af:8f:92:2a:8d:f6:13:9c:a4:0d:48:
         3f:ee:ab:2a:c2:79:a5:d7:4a:c8:f8:e7:69:55:36:29:49:76:
         21:bc:e5:e4:32:0d:e0:1b:b1:b1:b7:1e:26:ce:0d:39:9f:69:
         d7:b2:5d:df:48:f1:f5:32:d9:2f:59:f0:ca:47:37:63:18:7d:
         cd:f6:77:13:bf:07:3f:8b:e1:de:54:8e:38:41:90:85:30:08:
         d1:3c:b2:e5:4b:48:c9:5e:fc:7b:9c:ef:7f:68:18:83:07:e6:
         45:87:ec:46:58:61:d0:17:9f:e0:e6:49:a5:68:a5:99:7f:ff:
         19:61:34:64:fc:2a:7e:1a:4c:53:d8:aa:3a:2f:52:dd:bc:bb:
         c8:f5:a3:92
-----BEGIN CERTIFICATE-----
MIIHKzCCBhOgAwIBAgIUbNbTmua8M+sZl99QgmsAP+G8QsMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1NDJaFw0yMjA5MzAwMDAwNDJaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQ0E3REIyRTc3NjJEMENGRjFD
MjczRDcyNkNGRkY3NjVFMjM2MjZDQUFEOTIyMTZDRDUxMjQ0OEEzMzcyMUY2N0M3
M0VBRkQ3OEY4QTBFMEQyN0JCMjAxNUE4QkVEN0VCREYzREZDRkRGOENGQjFCMjUx
RjBBOUE0QzFBOUNBNzlGRkJFNDhGNUVENjQ4NEZCMjNGQjI1QTc4OEZGMTEwQkVE
OEY1MTlCOTk1NTUxODMxNTdDOEEzNEY4QzNBOTI0MjlDNTJENEYyOTJFMjA3MTND
QTZGQTdBQTI4MjgxNDc1ODUwODRGREQyOTM1Qjk2NTAzM0IxRjExQThDM0UzQzZD
RkFEQTlFN0Y4ODQ2NTAzRjIwQzg0QUExQTY3NDA5MUY3MDM0ODYwREVGQzA2QjBD
MTMwNzI4QzVGQzY1Q0JDOUI1NEUyNzgyOEVBRjFBOUIzRUU5NjAyNTcwQzdCQjFE
NzM0MDNBRDIyNTdCMUVCNTJFQkNFOUU2OTFCNTcyQUQxOEE3NDhFNkE5MzM1NTBG
QzNERTE4RUVGNzU5OTI1NUZGRTM0QzJCOEU1NkQ3MTBCOTg0ODdBQ0YxOTA0MTY2
QzRDMzJFRDNFQjZGNjlGMDA5QzgyQjE0QTk4MjVGNzVBNDkzQTJDQTlDMjIxNjkz
OEFEMTY3NkM0MUVCRTUwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAyn2y53YtDP8cJz1ybP/3ZeI2JsqtkiFs1RJEijNyH2fHPq/Xj4oO
DSe7IBWovtfr3z38/fjPsbJR8KmkwanKef++SPXtZIT7I/slp4j/EQvtj1GbmVVR
gxV8ijT4w6kkKcUtTykuIHE8pvp6ooKBR1hQhP3Sk1uWUDOx8RqMPjxs+tqef4hG
UD8gyEqhpnQJH3A0hg3vwGsMEwcoxfxly8m1TieCjq8amz7pYCVwx7sdc0A60iV7
HrUuvOnmkbVyrRinSOapM1UPw94Y7vdZklX/40wrjlbXELmEh6zxkEFmxMMu0+tv
afAJyCsUqYJfdaSTosqcIhaTitFnbEHr5QIDAQABo4ICOTCCAjUwHQYDVR0OBBYE
FKovimZH8NxzOcU4Kla6+Ehu833bMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGmBggrBgEFBQcB
CwSBmTCBljCBkwYIKwYBBQUHMAuGgYZyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjM0MzAzNDNhMzgzMDMwMzAzYTMyMzEzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAz
MTM3MzQzNTMxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAJASAAAAhMA0GCSqGSIb3DQEBCwUAA4IBAQBR
QZ9gS5EfxPHcQcJTpvfnFayeUBD1qzkMcw5ycgvfpo+rvGds1ySKWizDDtGdFp0q
moJdr4PDzbghVl9KK72Y4C5fwU1E7AChfjIRB8RgyLz+3reF4L2cxm+lPiKuXXR9
wwBSTPDPg7z5UelVXesG4LDqr4+SKo32E5ykDUg/7qsqwnml10rI+OdpVTYpSXYh
vOXkMg3gG7Gxtx4mzg05n2nXsl3fSPH1MtkvWfDKRzdjGH3N9ncTvwc/i+HeVI44
QZCFMAjRPLLlS0jJXvx7nO9/aBiDB+ZFh+xGWGHQF5/g5kmlaKWZf/8ZYTRk/Cp+
GkxT2Ko6L1LdvLvI9aOS
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:01 2023 by rpki-client on console-ams.rpki-client.org